08 December 2007

Human Factors: Minds Eye of Risk...

There seems to be some continuing debate out there about the concept of adopting a strategy of "Protection" vs. "Resilience". The question is whether to focus your resources and assets on preemptive or adaptive missions.

Whenever organizations adopt the guards gates and guns mentality as a high ratio of deployed assets and presence, it does have a deterrence effect. Having a high profile, showing your hand and creating a visible barrier to obtaining the desired target(s) can have a positive outcome however, it must be in greater balance with the ability to be agile and to adapt to human factors. Resilience represents a layered approach with multiple contingencies and the mindset that even the highest walls, stealth technology or deepest oceans will not prevent catastrophic failure from a future occurrence.

The topic along with the critical infrastructure nexus has been discussed in depth for almost the past year. Grants, studies and academia have found this "Protection" vs. "Resiliency" debate worth writing about:

The goal of this working paper series is to point out trajectories of the concept of critical infrastructure resilience in theory, policy, and implementation. On the one hand, “resilience” may just be another policy buzzword; but on the other hand, it might indicate a shift in perception and priority of threats, vulnerabilities, and consequences. Indeed, the Critical Infrastructure Task Force (CITF) has recently recommended to the Homeland Security Advisory Committee (HSAC) to “Promulgate Critical Infrastructure Resilience (CIR) as the top-level strategic objective - the desired outcome - to drive national policy and planning.”

Defined broadly as the ability of a system to withstand to and recover from adversity, resilience is increasingly applied to larger social and technical systems. Stress and adversity are experienced not only by individuals and groups, but also by organizations and institutions. In the context of increasing natural and man-made threats and vulnerabilities of modern societies, the concept seems particularly useful to inform policies that mitigate the consequences of such adverse and potentially catastrophic events.

While each of the authors in the white paper cited above from George Mason University have their unique perspectives on the topic being discussed, yet Lewis J. Perelman Senior FellowHomeland Security Policy Institute, in Washington, DC gets the prize:

"The allure of resilience is stoked by the contradictions and thorny tradeoffs inherent in traditional concepts of ‘national security’ in an age of increasing social-technical complexity, transnational ‘globalization,’ and ‘asymmetric’ conflict. Certainly, ‘homeland security’ has realized, since 2001, both political impetus and bureaucratic mass. Nevertheless it has been fraught by a tumultuous and yet unresolved quest to reconcile legitimate but competing social objectives:

As the debate continues on a hard vs. soft policy perspective Perelman identifies one of the key components of Operational Risk Management. Human Factors. His suggestion of adding human factors to the equation for risk is critical to the issue:

Risk = HF(Threat x Vulnerability x Consequences)

where HF is a function of the “soft” human factors that translate the “hard,” physical parameters of engineering failure into human perceptions, emotions, and behavior.

Human behavior and the perception of risk continues to be at the center of the overall discussion. Socially, what is more of a threat? Loss of the use of a half dozen buildings, an entire city or the Internet itself. Is the threat a hurricane, a radiological device or the most deviant virus known to date?

The perception of "Risk" as being in the eye of the beholder is not new here. The policy being shaped across the globe however, is moving rapidly towards a mindset of agility, adaptiveness and endurance. That alone, should be the clue that resilience will become a major facet of the risk strategy paradigm of choice in the next decade.

No comments:

Post a Comment

About

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institutions activities.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke